Hardware Private Circuits: From Trivial Composition to Full Verification

Abstract: The design of glitch-resistant higher-order masking schemes is an important challenge in cryptographic engineering. A recent work by Moos et al. (CHES 2019) showed that most published schemes (and all efficient ones) exhibit local or composability flaws at high security orders, leaving a critical gap in the literature on hardware masking. In this paper, we first extend the simulatability framework of Belaïd et al. (EUROCRYPT 2016) and prove that a compositional strategy that is correct without glitches remai… Show more

“…In the following, we work with partial circuit executions. This concept matches the model of circuit from [ISW03,CGLS20] since time ordering and absence of combinational loop guarantee that a circuit execution is a directed acyclic graph (DAG). The addition we bring to these models correspond to the structural information needed to identify the possible transition-extended probes.…”

“…The construction of a glitch-robust and composable masking scheme in [CGLS20] is based on the adaptation of simulatability to the glitch-robust probing model. Definition 16 (Glitch-robust simulatability [CGLS20]). A set of extended adversarial probes P in a gadget execution G can be glitch-robustly simulated by a set of input shares I = {(i 1 , j 1 ), .…”

“…The security based on isolated circuit shares is well suited to withstand glitches: since glitches propagate through wires, a probe that observes glitches in a circuit share gets information only about that circuit share. This observation is the basis for the glitch-robust composition strategy of [CGLS20], which states that composing glitch-robust PINI gadgets guarantees probing security in the presence of glitches. The glitch-robust PINI definition cares for glitches that happen inside a gadget, imposing that, when looking "from outside", they seem to touch only one circuit share.…”

“…It turns out analyzing transitions is non-trivial and requires additional refinements of the standard circuit models used in probing security proofs. But proofs show that efficient design strategies can be used to rule out these physical defaults and that some state-of-the-art gadgets already lead to implementations that are glitch+transition-probing secure [CGLS20].…”

“…simulate which output and internal probes. A (simulatability-based) compositional strategy is a policy that assigns a property (in the form of a simulatability-based definition) to each of the gadgets in a composite circuits [CGLS20]. It guarantees that if the circuit is instantiated with gadgets that satisfy those definitions, then the circuit is probing secure.…”

Provably Secure Hardware Masking in the Transition- and Glitch-Robust Probing Model: Better Safe than Sorry

“…In the following, we work with partial circuit executions. This concept matches the model of circuit from [ISW03,CGLS20] since time ordering and absence of combinational loop guarantee that a circuit execution is a directed acyclic graph (DAG). The addition we bring to these models correspond to the structural information needed to identify the possible transition-extended probes.…”

“…The construction of a glitch-robust and composable masking scheme in [CGLS20] is based on the adaptation of simulatability to the glitch-robust probing model. Definition 16 (Glitch-robust simulatability [CGLS20]). A set of extended adversarial probes P in a gadget execution G can be glitch-robustly simulated by a set of input shares I = {(i 1 , j 1 ), .…”

“…The security based on isolated circuit shares is well suited to withstand glitches: since glitches propagate through wires, a probe that observes glitches in a circuit share gets information only about that circuit share. This observation is the basis for the glitch-robust composition strategy of [CGLS20], which states that composing glitch-robust PINI gadgets guarantees probing security in the presence of glitches. The glitch-robust PINI definition cares for glitches that happen inside a gadget, imposing that, when looking "from outside", they seem to touch only one circuit share.…”

“…It turns out analyzing transitions is non-trivial and requires additional refinements of the standard circuit models used in probing security proofs. But proofs show that efficient design strategies can be used to rule out these physical defaults and that some state-of-the-art gadgets already lead to implementations that are glitch+transition-probing secure [CGLS20].…”

“…simulate which output and internal probes. A (simulatability-based) compositional strategy is a policy that assigns a property (in the form of a simulatability-based definition) to each of the gadgets in a composite circuits [CGLS20]. It guarantees that if the circuit is instantiated with gadgets that satisfy those definitions, then the circuit is probing secure.…”

Provably Secure Hardware Masking in the Transition- and Glitch-Robust Probing Model: Better Safe than Sorry

Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography

SILVER – Statistical Independence and Leakage Verification